Embed Size (px)
Citation preview
The Future of The Future of High Tech CrimeHigh Tech Crime
CJUS 453 - Dr. William TafoyaGovernor State UniversityCynthia Hetherington, MLS
OverviewOverview
• Past• Present• Future
The PastThe Past
• Tri-corder = Palm Pilots• Communications Badge = GPS
Location + Cell Phone• Multi Quadrant Communications
Channels = Internet– “Secure Channel LT.” Capt. J. T. Kirk
• Multimedia viewing = Video Phones• More?
The PresentThe Present
• Pros vs. Cons• Fruitcakes
Pros vs. ConsPros vs. Cons
• The Pro’fessors– Gene Spafford
• Purdue CERIAS (Center for Education and Research in Information Assurance and Security)
– Dorothy Denning• Computer Science at Georgetown
University (Cryptography & Information Warfare)
Pros vs. ConsPros vs. Cons
• The Pro’fessionals– Donn Parker
• Automated Crime
– Fred Cohen• Cyberforensics
– Dan Farmer• Satan
– Phil Zimmerman• PGP
Pros vs. ConsPros vs. Cons
• The Pro’tectors– Winn Schwartau
• Infowar was not falling
– High Tech Crime Investigation Association
– Cybercops– Robert Steele and other defectors
CONSCONS
• Disgruntled Employees• Malicious Crackers• Ethical Hackers• Newbies• Terrorists• Criminals
Cons & ContactsCons & Contacts
• Kevin Mitnick - www.freekevin.com• http://www.defcon.org/• http://www.zdnet.com/zdtv/cybercrime/• http://www.lopht.com/• http://www.hackernews.com/• http://www.astalavista.box.sk• http://www.antionline.com
Cons…. Who is a hacker?Cons…. Who is a hacker?
• An informal idea:– A talented and persistent individual with a
knowledge of computer systems.– A system administrator or programmer.– A nuisance or genius.– Wannabe– Not all deviant computer users are hackers,
not all hackers are deviant.– A GOOD hacker talks about code, not dress
code.
Some Famous HackersSome Famous Hackers
• Bill Cheswick, Bell Labs– Firewalls and Fixes
• http://www.wavelet.org/cm/cs/who/ches/index.html
• Cult of the Dead Cow– Back Orifice and BO2K
• Lopht and Mudge– Lopht’s tools, Antisniff
• More.. http://www.antionline.com/features/WhoRU/
The FutureThe Future
• Information Security Magazine, November 1999
• That pain in the neck librarian requesting information.
BILL CHESWICKBILL CHESWICK
• More denial of service attacks.• Worse viruses that spread further.• Attacks on the Internet infrastructure• Infowar will be:
– Real– Noticeable– Soon– Especially during wars and military police actions.
• Smart criminals will continue to remain almost un-catchable on the net, hidden by anonymity.
• People will realize the Internet isn’t as reliable as their telephone service.
A. PADGETT PETERSONA. PADGETT PETERSON
• The increasing population of telecommuters leads to further social and cultural polarization. Attempts by cities to attract affluent residents will fail. Like-minded people will tend to cluster in self-sufficient residences.
• Technological anarchy is exacerbated by the continuing lack of skilled security professionals. Salaries lag behind until demand reaches a critical stage.
BRUCE SCHNEIERBRUCE SCHNEIER
• As systems get more complex and interconnected, security will get worse.
• Unless manufacturers are held liable for security failures, security will get worse.
• In the short term, the best course of action for enterprises is to outsource security to companies that have the expertise to understand the systems being secured.
WILLIAM H. MURRAYWILLIAM H. MURRAY
• The end of PC-based computing and the emergence of appliance-based, network-centric computing are in sight.
• We will not secure the ’Net by patching UNIX. We will have to add structure and use strong-authentication and end-to-end encryption.
E. EUGENE SCHULTZE. EUGENE SCHULTZ
• Denial-of-service attacks will escalate in comparison to other types of attacks, resulting in several widespread incidents.
• Intrusion detection will become more sophisticated. Incident response methods that are less reliant on human intervention will emerge.
HARRY DeMAIOHARRY DeMAIO
• "Set and forget" integrated security suites will remain more desire than fact.
• Telecommuting for some portion of the workweek will be normal for most information workers, resulting in longer work weeks.
• Reliable and wider-band wireless communication will take "telecomputing" to a higher level of mobility, making strong, easy-to-use authentication a critical factor.
SARAH GORDONSARAH GORDON
• Advances will include an increasingly large selection of network-aware viruses.
• There will be a sharp increase in the prevalence of worms.
• Without significant changes in antivirus protection, a virus will bring down large portions of cyberspace without warning.
PETER TIPPETTPETER TIPPETT
• Designed-in security isn’t…• Best practices aren’t…• Firewalls don’t…• 1024-bit crypto won’t…• Antivirus never was…• Risk analysis almost never is…
ALAN PALLERALAN PALLER
• Virtual private networks will offer a new feature that requires minimum acceptable security before allowing a new user to connect—and the check will be completely automated.
• Some corporations will refuse to do business with suppliers that do not demonstrate they have achieved minimum acceptable levels of security.
DONN B. PARKERDONN B. PARKER
• Those who abuse and misuse information will continue to benefit from our inept information security folk art unless we achieve a new and complete information security business and engineering discipline.
• Complete and perfect automated crimes packaged in single computer programs will be the next challenge we must defeat using completely automated security.
CHARLES CRESSON WOODCHARLES CRESSON WOOD
• Security Officers will be called upon to act as traffic cops and mediators, and to make sense of what is quickly becoming an information-overloaded workplace.
• Job titles will change to reflect significantly higher-level management positions.
• Salaries will increase at least 20 percent in the next year to attract more high-caliber people to the field.
RUSS COOPERRUSS COOPER
• As their connection to the ’Net becomes more threatened than the deadbolt on their front doors, consumers will demand action.
• If consumers were to demand greater security, together with more realistic software licenses, vendors would, inevitably, supply this demand by providing what consumers want.
FRED COHENFRED COHEN
• Digital forensics will adopt a marketing model to gather more in-depth criminal evidence.
• Massive data collection and analysis capabilities will become available to law enforcement to combat cybercrime.
• In the cyber-realm, individual privacy rights will whither and die on the vine.
• Same ol’ crimes, new venue.
WINN SCHWARTAUWINN SCHWARTAU
• The United Nations will examine cyberwar issues as a distinct aspect of the international law of war, pre-emption and escalation.
• Frustrated by the inability and unwillingness of law enforcement to protect them, companies will strike back at online attackers, and will be prosecuted by an aspiring U.S. attorney for their actions. Congress will rewrite the laws so that companies can protect themselves.
IRA WINKLERIRA WINKLER
• Industry and government will continue to under fund their administration staffs. As a result, both will continue to suffer very preventable losses.
• There will be some very noticeable and preventable attacks against key government systems.
• Government efforts to obtain voluntary industry cooperation in securing the infrastructure will fail.
• Insurance companies will establish computer security requirements.
• Computer security budgets will eventually increase.
PETER NEUMANNPETER NEUMANN
• Commercial developments will continue to be very slow in providing truly robust systems and networks in the face of realistic adversities.
• Systems will continue to fall apart on their own, without attacks. In addition, willful misuse will accelerate, including seriously malicious activities.
• Moreover, in the absence of that massive Y2K hype, it is likely that there would have been serious disasters.
DOROTHY DENNINGDOROTHY DENNING
• The administration will open up exports to all forms of encryption software, including source code and toolkits, of unlimited key sizes and with or without key recovery.
• Although most encryption products will be exportable everywhere other than to the seven countries that support terrorism, the export regime will not be eliminated. Products will still need to undergo a one-time technical review. Business will still be required to report exports.
• Americans will remain free to use any encryption of their choice.
LANCE HOFFMANLANCE HOFFMAN
• The market for personal information will grow, as half-a-million people or more sell their personal information to marketers.
• Armed with your personal data, new portal tools will be able to seamlessly integrate details about your life and habits.
• Two-thirds of computer users will choose utility and ease-of-use over security, but a vocal minority will complain, forcing Web sites to slim down their data requirements.
RICHARD THIEMERICHARD THIEME
• Fully computerized homes will be as hackable as Web sites.
• With the network always "on," there will no way to unplug.
• Embedded systems, such as spoken languages, will become filters for primary experience.
JOHN GILMOREJOHN GILMORE
• Every light bulb, stereo and parking meter will be on the ’Net.
• Programmers will need to design code for at least 10 million simultaneous connections.
• Neither manual administration, nor rebuilding infrastructure later, will save us if we default to lousy encryption now.
EUGENE SPAFFORDEUGENE SPAFFORD
• As network perimeters disappear, security will become more and more focused on hosts.
• Computer crime will explode, as theft of proprietary data, sabotage of competitors and attacks against law enforcement systems become major problems.
• Consumers and end-users will take more responsibility for host security, while security practitioners will become more specialized.
Pro’tectors SpeakPro’tectors Speak
• From Australia - We are going to have a better generation of hackers and crackers.
• From US - The future of high tech crime is in the movement of traditional organized crime syndicates to use this medium.
• “Weaker" organizations (third world countries, terrorist cells) using the computer and Internet to gain power.
Pro’tectors SpeakPro’tectors Speak
• Financial crimes will rise significantly. • Traditional crimes(i.e..Narcotics) will
benefit from strong keyless encryption. • Denial of Service attacks will be used
routinely for corporate espionage.• Employee damage will increase as
computer literacy increases.• Voice over IP without adequate
encryption will be a nightmare.
Law Law Enforcement’sEnforcement’s Future Future
• Local L.E. will have to take a far greater role. Federal LE can not handle the problem nor should they be considered the primary contact. Some type of structure needs to be created to allow local and state agencies to investigate cases easier that cross state lines. LE must change it's hiring practices and recruit computer science majors.
Common Sense ApproachCommon Sense Approach
• The lack of loyalty displayed in the workplace is going to cripple the integrity of internal security measures over the next 5 years.
• CI analysts are finding it easier to interview new hires.
• Deja.com!
• Shortages create desperate hiring practices.
• It is easy to break in, but terribly difficult to protect.
Cyber-FuturisticCyber-Futuristic
• All that is needed to create the product is the desire.
• An intelligent individual has no boundaries to create whatever they wish.
• Use your imagination. There will be virtual crime, on another dimension. There will be “persona defenses.”
• Think ahead.
SummarySummary
• Legislation will need a major overhaul in order to meet the speed and flexibility of digital crimes. Jurisdiction needs definition.
• Cybercops need money and support.• System Administrations need money and
support.• Software vendors need to be held
responsible.• Hiring practices need drastic improvement.
Questions?Questions?
